| Age | Commit message (Collapse) | Author |
|---|
|
Loadfile2 code is installing two protocols on it's own handle
and uses efi_delete_handle() to clean it up on failure(s). However
commit 05c4c9e21ae6 ("efi_loader: define internal implementations of
install/uninstallmultiple") prepares the ground for us to clean up
efi_delete_handle() used in favor of Install/UninstallMultipleProtocol.
While at it clean up the non needed void casts to (void *) on the
protolcol installation.
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
In general handles should only be deleted if the last remaining protocol
is removed. Instead of explicitly calling
efi_create_handle -> efi_add_protocol -> efi_delete_handle which blindly
removes all protocols from a handle before removing it, use
InstallMultiple/UninstallMultiple which adheres to the EFI spec and only
deletes a handle if there are no additional protocols present
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
This is not needed and we should avoid typedefs. Use the struct instead.
Signed-off-by: Simon Glass <[email protected]>
|
|
efi_dp_str() allocates memory which should be released after use.
Use %pD printf code. Adjust message wording.
Fixes: d837cb1e3b6b ("efi: Add debugging to efi_set_bootdev()")
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
cp.b is used a lot as a way to load binaries to memory and execute
them, however we may need to integrate this with the efi subsystem to
set it up as a bootdev.
So, introduce a loadm command that will be consistent with the other
loadX commands and will call the efi API's.
ex: loadm $kernel_addr $kernel_addr_r $kernel_size
with this a kernel with CONFIG_EFI_STUB enabled will be loaded and
then subsequently booted with bootefi command.
Signed-off-by: Rui Miguel Silva <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
For indicating the address and size of a memory region other commands use a
<addr>[:<size>] syntax. Do the same for bootefi.
Fixes: 2058983689f0 ("cmd: bootefi: restore ability to boot arbitrary blob")
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Up until commit 5f59518a7b1ae ("efi_loader: setting boot device"), we
could boot an arbitrary blob with bootefi. Indeed, efi_run_image() even
has a special case for missing device paths indicating a payload that
was directly loaded via JTAG, for example.
Restore the ability to inject a UEFI payload into memory and `bootefi`
it. If the address passed isn't the last PE-COFF loaded, then we'll
wipe out the pre-existing DP/Image information and let efi_run_image()
synthesize a memory device path.
An image size is required if we're booting an arbitrary payload, and
the FDT argument has been changed to accept `-`. The size could be
deduced from the image header, but it's required anyways as an explicit
acknowledgment that one's trying to boot an arbitrary payload rather
than accidentally using the wrong address in the single-addr form.
Fixes: 5f59518a7b1a ("efi_loader: setting boot device")
Signed-off-by: Kyle Evans <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
For targets that enable ACPI, we should not pass Device Trees into
the payload. However, our distro boot logic always passes the builtin
DT as an argument.
To make it easy to use ACPI with distro boot, let's just ignore the DT
argument to bootefi when ACPI is enabled. That way, we can successfully
distro boot payloads on ACPI enabled targets.
Signed-off-by: Alexander Graf <[email protected]>
Reviewed-by: Mark Kettenis <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
UEFI specification requires that 5 minutes watchdog timer is
armed before the firmware's boot manager invokes an EFI boot option.
This watchdog timer is updated as follows, according to the
UEFI specification.
1) The EFI Image may reset or disable the watchdog timer as needed.
2) If control is returned to the firmware's boot manager,
the watchdog timer must be disabled.
3) On successful completion of EFI_BOOT_SERVICES.ExitBootServices()
the watchdog timer is disabled.
1) is up to the EFI image, and 3) is already implemented in U-Boot.
This patch implements 2), the watchdog is disabled when control is
returned to U-Boot.
In addition, current implementation arms the EFI watchdog at only
the first "bootefi" invocation. The EFI watchdog must be armed
in every EFI boot option invocation.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The operation of this function can be confusing. Add some debugging so
we can see what it is doing and when it is called.
Also drop the preprocessor usage.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: heinrich Schuchardt <[email protected]>
|
|
U-Boot, in some occasions, injects a 'kaslr-seed' property on the /chosen
node. That would be problematic in case we want to measure the DTB we
install in the configuration table, since it would change across reboots.
The Linux kernel EFI-stub completely ignores it and only relies on
EFI_RNG_PROTOCOL for it's own randomness needs (i.e the randomization
of the physical placement of the kernel). In fact it (blindly) overwrites
the existing seed if the protocol is installed. However it still uses it
for randomizing it's virtual placement.
So let's get rid of it in the presence of the RNG protocol.
It's worth noting that TPMs also provide an RNG. So if we tweak our
EFI_RNG_PROTOCOL slightly and install the protocol when a TPM device
is present the 'kaslr-seed' property will always be removed, allowing
us to reliably measure our DTB.
Acked-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Mark Kettenis <[email protected]>
|
|
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.
Add a proper comment to simple_strtoul() while we are here.
Signed-off-by: Simon Glass <[email protected]>
|
|
Up to now we install EFI_LOAD_FILE2_PROTOCOL to load an initrd
unconditionally. Although we correctly return various EFI exit codes
depending on the file status (i.e EFI_NO_MEDIA, EFI_NOT_FOUND etc), the
kernel loader, only falls back to the cmdline interpreted initrd if the
protocol is not installed.
This creates a problem for EFI installers, since they won't be able to
load their own initrd and continue the installation. It also makes the
feature hard to use, since we can either have a single initrd or we have
to recompile u-boot if the filename changes.
So let's introduce a different logic that will decouple the initrd
path from the config option we currently have.
When defining a UEFI BootXXXX we can use the filepathlist and store
a file path pointing to our initrd. Specifically the EFI spec describes:
"The first element of the array is a device path that describes the device
and location of the Image for this load option. Other device paths may
optionally exist in the FilePathList, but their usage is OSV specific"
When the EFI application is launched through the bootmgr, we'll try to
interpret the extra device path. If that points to a file that exists on
our disk, we'll now install the load_file2 and the efi-stub will be able
to use it.
This opens up another path using U-Boot and defines a new boot flow.
A user will be able to control the kernel/initrd pairs without explicit
cmdline args or GRUB.
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.
For now no callers pass the size, but this can be updated later.
Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.
Signed-off-by: Simon Glass <[email protected]>
Reported-by: Bruce Monroe <[email protected]>
Reported-by: Arie Haenel <[email protected]>
Reported-by: Julien Lenoir <[email protected]>
|
|
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
Some ARMv7 boards using PSCI require to be in secure-mode when booted via
'bootz' or 'bootm'. During distro-boot 'bootefi bootmgr' is called to check
if booting via UEFI is possible.
With the change we change the switch from secure mode to non-secure mode is
moved from the UEFI subsystem setup to just before calling StartImage().
Cc: Jernej Škrabec <[email protected]>
Reported by: Andre Przywara <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.
Provide a configuration option to make the boot manager available.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
A boot manager like GRUB can use the protocol to
* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Up to now the bootefi command used the last file loaded to determine the
boot partition. This has led to errors when the fdt had been loaded from
another partition after the EFI binary.
Before setting the boot device from a loaded file check if it is a PE-COFF
image or a FIT image.
For a PE-COFF image remember address and size, boot device and path.
For a FIT image remember boot device and path.
If the PE-COFF image is overwritten by loading another file, forget it.
Do not allow to start an image via bootefi which is not the last loaded
PE-COFF image.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Currently when executing 'bootefi hello' we copy helloworld.efi to the
address identified by environment variable loadaddr. This is unexected
behavior for a user. There is no need to copy helloworld.efi before
executing it after relocation.
Remove the copy action.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
The device tree may contain a /reserved-memory node. The no-map property
of the sub-nodes signals if the memory may be accessed by the UEFI payload
or not.
In the EBBR specification (https://github.com/arm-software/ebbr) the
modeling of the reserved memory has been clarified.
If a reserved memory node in the device tree has the no-map property map,
create a EfiReservedMemoryType memory map entry else use
EfiBootServicesData.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Write log messages when booting via the bootefi command to allow tracking
on the syslog server. Example messages are
Booting /snp.efi
or
Booting /MemoryMapped(0x0,0x4fe00000,0x35a40)
Loading image failed
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Add the missing description of the load_options parameter.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.
Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
The bootefi bootmgr command has to set the load options for a loaded image
from the value of BootXXXX variable. If the boot manager is not used, the
value is set from the environment variable bootargs (or efi_selftest).
Factor out a common function efi_set_load_options().
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Log messages of the bootefi command instead of simply printing them to the
console.
Do not show "## Application terminated" message when the UEFI binary
completed successfully.
Adjust the python tests testing for '## Application terminated'.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
With commit 0d7c2913fdf7 ("cmd: bootefi: Honor the address & size cells
properties correctly") addr was replaced by fdt_addr. But not in the check
against FDT_ADDR_T_NONE.
Fixes: 0d7c2913fdf7 ("cmd: bootefi: Honor the address & size cells properties
correctly")
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Variable fdt_size should be of type 'fdt_size_t', not 'fdt_addr_t'.
Fixes 0d7c2913fdf7: ("cmd: bootefi: Honor the address & size cells properties correctly")
Signed-off-by: Bin Meng <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
fdtdec_get_addr_size reads the uses a fixed value for address & size
cell properties which may not be correct always.
Use the auto variant of the function which automatically reads
#address-cells & #size-cells from parent and uses to read the "reg"
property.
Signed-off-by: Atish Patra <[email protected]>
On 32 bit systems fdt_addr_t may be 4 bytes long but size is defined as
u64. Avoid filling the upper 4 bytes of the sizep parameter of
fdtdec_get_addr_size_auto_parent() with random bytes from the stack by
defining a separate variable fdt_size.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.
Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.
This requires quite a few header-file additions.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move this uncommon header out of the common header.
Signed-off-by: Simon Glass <[email protected]>
|
|
Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.
There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.
Signed-off-by: Michael Walle <[email protected]>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
According to the UEFI spec ACPI tables should be placed in
EfiACPIReclaimMemory. Let's do the same with the device tree.
Suggested-by: Ard Biesheuvel <[email protected]>
Cc: Grant Likely <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
efi_free_pool() and efi_delete_handle() both check if their argument is
NULL. The caller should not duplicate this check.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Sub-nodes of /reserved-memory may be disabled. In this case we should not
reserve memory in the memory map.
Reported-by: Patrick DELAUNAY <[email protected]>
Fixes: fef907b2e440 ("efi_loader: create reservations after
ft_board_setup")
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Atish Patra <[email protected]>
|
|
Currently, bootefi only parses memory reservation block to setup
EFI reserved memory mappings. However, it doesn't parse the
reserved-memory[1] device tree node that also can contain the
reserved memory regions.
Add capability to parse reserved-memory node and update the EFI memory
mappings accordingly.
1. <U-Boot source>/doc/device-tree-bindings/reserved-memory/reserved-memory.txt]
Signed-off-by: Atish Patra <[email protected]>
Fix an endless loop.
The /reserved-memory node may have children without reg property. Remove
a superfluous debug statement.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Some memory reservations are made in ft_board_setup(). Ensure that we
create reserved memory map entries after ft_board_setup().
The downside of this patch is that if bootefi is called multiple times with
an devicetree argument superfluous reservations for the old copies of the
device tree will exist. But that is still better than missing a reservation.
Deleting the superfluous reservations is not possible because reservations
in the memory map are rounded to page size and may be coallesced.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
In the function description use the correct parameter name.
Mention EFI_FDT_USE_INTERNAL.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.
Move the compatibility features into a separate header file.
Signed-off-by: Simon Glass <[email protected]>
|
|
When be launch a binary via bootefi the bootargs environment variable is
used to set the load options in the loaded image protocol.
Free memory allocated for load options when the UEFI binary exits.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Use a pointer to addressable memory instead of a "physical" address in the
virtual address space of the sandbox to efi_install_fdt().
Export the efi_install_fdt() function.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Provide public function efi_run_imager() which can be used to run an UEFI
image from memory.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
If the bootefi command is called without passing the address of a device
tree, the internal device tree is used. For devices with a hardware device
tree it is preferable to used the hardware device tree in this case.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
As part of moving the parsing of command line arguments to do_bootefi()
call efi_install_fdt() with the address of the device tree instead of a
string.
If the address is EFI_FDT_USE_INTERNAL (= 0), the internal device tree
is used.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Move env_get() over to the new header file.
Acked-by: Joe Hershberger <[email protected]>
Signed-off-by: Simon Glass <[email protected]>
|
|
Describe efi_set_bootdev().
Change function descriptions to Sphinx style.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
We currently have some inconsistent use of efi_add_memory_map()
throughout the code. In particular the return value of efi_add_memory_map()
is not interpreted the same way by various users in the codebase.
This patch does the following:
- Changes efi_add_memory_map() to return efi_status_t.
- Adds a method description to efi_add_memory_map().
- Changes efi_add_memory_map() to return EFI_SUCCESS
- Returns non-zero for error in efi_add_memory_map()
- Updates efi_allocate_pages() to new efi_add_memory_map()
- Updates efi_free_pages() to new efi_add_memory_map()
- Updates efi_carve_out_dt_rsv() to new efi_add_memory_map()
- Updates efi_add_runtime_mmio() to new efi_add_memory_map()
Fixes: 5d00995c361c ("efi_loader: Implement memory allocation and map")
Fixes: 74c16acce30b ("efi_loader: Don't allocate from memory holes")
Suggested-by: Heinrich Schuchardt <[email protected]>
Cc: Alexander Graf <[email protected]>
Signed-off-by: Bryan O'Donoghue <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Describe that efi_install_fdt() defaults to using the device tree
indicated by environment variable fdtcontroladdr.
ACPI tables and device trees are mutually exclusive.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Move duplicate initialization code to single instance.
Adjust comments of concerned functions.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
allow_unaligned(), switch_to_non_secure_mode(), and efi_init_obj_list() are
called in sequence in multiple places.
Move calls to allow_unaligned() and switch_to_non_secure_mode() to
efi_init_obj_list().
Remove unused includes.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
